Hello, I have a BGP link on my Fortigate.  We recently had a case whereby the L3 link was still up even though the Internet was unavailable. Therefore,I want to set up an SLA (pinging to 8.8.8.8) to monitor that the Internet is up. If not, then I need to remove all BGP routes or shut down that link. Is this going to be possible, or will the SLA only work with static routes ?   Thank you,

Hello, I have a Fortigate policy whereby I want to specify that a user has to belong to TWO user groups in order to pass the policy. However, I am finding that the user only needs to match one group, but I want BOTH groups to be matched.   Is there any way to do this ? Thank you.

Hello, I have a VDOM_A with an interface to our ISP that receives DHCP and a default route. I also have a BGP peer relationship in VDOM_A with VDOM_B. I want to automatically advertise the default route received from the ISP in VDOM_A to VDOM_B. Will this happen automatically or do I need to specify it in the BGP advertised network list or via the default-information-originate' command ?   Thank you.

Hello I want to configure a L2 VLXAN over IPSEC tunnel. Previously I have had this working with multiple VLANs that entered the Fortigate via tagged sub-interfaces (TRUNK interfaces from my switches). However, this time, I have a single VLAN environment on both sides (ACCESS switchports connecting to untagged interfaces on my Fortigates), but that single VLAN is tagged differently on both sides e.g. SIDE_A=VLAN 10 & SIDE_B=VLAN 20. Therefore I need traffic entering SIDE_A Fortigate as VLAN 10 to exit SIDE_B Fortigate as VLAN 20. Is this possible at all ?

Hello, I am trying to convert incoming port 22 to 2222 with a VIP rule. However I want to keep the same external and internal IP address. The VIP will not accept this. Is there any way to only convert incoming ports with the same address ?